5 changed files with 69 additions and 251 deletions
--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@ -2,39 +2,69 @@
 # Version suffix in URL when building release candidates
 %global rcx %{nil}
 %global ghversion 1.66.0
 %{?python_enable_dependency_generator}
 %if "%{rcx}"
 %global rcv ~%{rcx}
 %else
 %global rcv %{nil}
 %endif
 Name:       matrix-%{srcname}
-Version:    %{ghversion}%{rcv}
+Version:    1.26.0
 Release:    1%{?dist}
 Summary:    A Matrix reference homeserver written in Python using Twisted
 License:    ASL 2.0
 URL:        https://github.com/matrix-org/%{srcname}
-Source0:    %{url}/archive/v%{ghversion}%{rcx}/%{srcname}-%{ghversion}%{rcx}.tar.gz
+Source0:    %{url}/archive/v%{version}%{rcx}/%{srcname}-%{version}%{rcx}.tar.gz
 Source1:    synapse.sysconfig
 Source2:    synapse.service
 Source4:    synapse@.service
 Source3:    matrix-synapse.sysusers
 BuildArch:  noarch
 Recommends:     %{name}+postgres
 Recommends:     %{name}+systemd
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 # Test dependencies
 BuildRequires:  python3-mock >= 2.0
 BuildRequires:  python3-parameterized >= 0.7.0
 BuildRequires:  /usr/bin/openssl
-BuildRequires:  systemd-rpm-macros
+
-# Workaround missing python-saml2 dependencies in f35 and f36.
+# Package dependencies
 #BuildRequires:  python3-txacme >= 0.9.2
 BuildRequires:  python3-attrs >= 19.1.0
 BuildRequires:  python3-authlib
 BuildRequires:  python3-bcrypt >= 3.1.0
 BuildRequires:  python3-bleach >= 1.4.3
 BuildRequires:  python3-canonicaljson >= 1.4.0
 BuildRequires:  python3-daemonize >= 2.3.1
 BuildRequires:  python3-frozendict >= 1.0
 BuildRequires:  python3-idna >= 2.5
 BuildRequires:  python3-jinja2 >= 2.9
 BuildRequires:  python3-jsonschema >= 2.5.1
 BuildRequires:  python3-jwt
 BuildRequires:  python3-lxml >= 3.5.0
 BuildRequires:  python3-matrix-synapse-ldap3 >= 0.1
 BuildRequires:  python3-msgpack >= 0.5.2
 BuildRequires:  python3-netaddr >= 0.7.18
 BuildRequires:  python3-phonenumbers >= 8.2.0
 BuildRequires:  python3-pillow >= 4.3.0
 BuildRequires:  python3-prometheus_client
 BuildRequires:  python3-pyOpenSSL >= 16.0.0
 BuildRequires:  python3-pyasn1 >= 0.1.9
 BuildRequires:  python3-pyasn1-modules >= 0.0.7
 BuildRequires:  python3-pymacaroons-pynacl >= 0.13.0
 BuildRequires:  python3-pynacl >= 1.2.1
 BuildRequires:  python3-pysaml2 >= 4.5.0
 BuildRequires:  python3-pyyaml >= 3.11
 BuildRequires:  python3-service-identity >= 18.1.0
 BuildRequires:  python3-signedjson >= 1.1.0
 BuildRequires:  python3-sortedcontainers >= 1.4.4
 BuildRequires:  python3-systemd >= 231
 BuildRequires:  python3-treq >= 15.1
 BuildRequires:  python3-twisted >= 18.9.0
 BuildRequires:  python3-typing-extensions >= 3.7.4
 BuildRequires:  python3-unpaddedbase64 >= 1.1.0
 BuildRequires:  systemd
 BuildRequires:  xmlsec1
-BuildRequires:  xmlsec1-openssl
+
 Requires(pre):  shadow-utils
 Requires:       systemd
 %{?systemd_requires}
 %description
 Matrix is an ambitious new ecosystem for open federated Instant Messaging and
@ -44,207 +74,67 @@ to showcase the concept of Matrix and let folks see the spec in the context of
 a coded base and let you run your own homeserver and generally help bootstrap
 the ecosystem.
 %pyproject_extras_subpkg -n %{name} matrix-synapse-ldap3 postgres saml2 oidc systemd url_preview jwt cache_memory
 %prep
-%autosetup -p1 -n %{srcname}-%{ghversion}%{rcx}
+%autosetup -p1 -n %{srcname}-%{version}%{rcx}
 #sed -i 's|"cryptography>=3.4.7",|"cryptography>=3.4",|' synapse/python_dependencies.py
 #rm tests/storage/test_background_update.py
 # We don't support the built-in client so remove all the bundled JS.
 rm -rf synapse/static
 %generate_buildrequires
 # Missing: sentry,opentracing,redis
 %pyproject_buildrequires -x test,matrix-synapse-ldap3,postgres,saml2,oidc,systemd,url_preview,jwt,cache_memory
 %build
-%pyproject_wheel
+%py3_build
 %install
-%pyproject_install
+%py3_install
-%py3_shebang_fix %{buildroot}%{python3_sitelib}/%{srcname}/_scripts
+
-%pyproject_save_files %{srcname}
+# Synapse includes some benchmarks in a separate Python package named "synmark"
 # which is installed by default. Remove it to avoid shipping it in the Fedora
 # package, since it is unlikely to be useful to end users.
 rm -r %{buildroot}%{python3_sitelib}/synmark/
 install -p -D -T -m 0644 contrib/systemd/log_config.yaml %{buildroot}%{_sysconfdir}/synapse/log_config.yaml
 install -p -D -T -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/synapse
 install -p -D -T -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/synapse.service
 install -p -D -T -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/synapse@.service
 install -p -d -m 755 %{buildroot}/%{_sharedstatedir}/synapse
-install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf
+
 %check
-set -o pipefail
+PYTHONPATH=. trial-3 tests
 PYTHONPATH=%{buildroot}%{python3_sitearch}:%{buildroot}%{python3_sitelib}:$PWD trial-3 tests | tee trial.stdout
 # Guard against new types of tests being skipped.
 WHITELIST="Requires hiredis
 Requires jaeger_client
 Requires Postgres
 \`BaseFederationServlet\` does not support cancellation yet."
 REASONS=$(cat trial.stdout | sed -n '/^\[SKIPPED\]$/{n;p;}')
 SKIPPED=$(comm -23 <(echo "$REASONS" | sort | uniq) <(echo "$WHITELIST" | sort | uniq))
 if [ ! -z "$SKIPPED" ]; then
  echo -e "Failing, because tests were skipped:\n$SKIPPED"
  exit 1
 fi
 %pre
-%sysusers_create_compat %{SOURCE3}
+getent group synapse >/dev/null || groupadd -r synapse
-
+getent passwd synapse >/dev/null || \
    useradd -r -g synapse -d %{_sharedstatedir}/synapse -s /sbin/nologin \
    -c "The user for the Synapse Matrix server" synapse
 exit 0
 %post
 %systemd_post synapse.service
 %systemd_post synapse@*.service
 %preun
 %systemd_preun synapse.service
 %systemd_preun synapse@*.service
 %postun
 %systemd_postun_with_restart synapse.service
 %systemd_postun_with_restart synapse@*.service
-%files -f %{pyproject_files}
+
 %files
 %license LICENSE
 %doc *.rst
 %config(noreplace) %{_sysconfdir}/sysconfig/synapse
 %{python3_sitelib}/synapse/
 %{python3_sitelib}/matrix_synapse*.egg-info/
 %{_bindir}/*
 %{_unitdir}/synapse.service
 %{_unitdir}/synapse@.service
 %attr(755,synapse,synapse) %dir %{_sharedstatedir}/synapse
 %attr(755,synapse,synapse) %dir %{_sysconfdir}/synapse
 %attr(644,synapse,synapse) %config(noreplace) %{_sysconfdir}/synapse/*
 %{_sysusersdir}/%{name}.conf
 %changelog
 * Tue Jul 26 2022 Kai A. Hiller <V02460@gmail.com> - 1.63.1-1
 - Update to v1.63.1
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.62.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Thu Jul 14 2022 Kai A. Hiller <V02460@gmail.com> - 1.62.0-1
 - Update to v1.62.0
 * Wed Jun 29 2022 Kai A. Hiller <V02460@gmail.com> - 1.61.1-1
 - Update to v1.61.1
 - Fix CVE-2022-31052
 * Tue Jun 14 2022 Kai A. Hiller <V02460@gmail.com> - 1.61.0-1
 - Update to v1.61.0
 * Thu Jun 09 2022 Kai A. Hiller <V02460@gmail.com> - 1.60.0-1
 - Update to v1.60.0
 * Thu May 19 2022 Kai A. Hiller <V02460@gmail.com> - 1.59.1-1
 - Update to v1.59.1
 * Wed May 18 2022 Kai A. Hiller <V02460@gmail.com> - 1.59.0-1
 - Update to v1.59.0
 * Wed May 04 2022 Kai A. Hiller <V02460@gmail.com> - 1.58.0-1
 - Update to v1.58.0
 * Thu Apr 21 2022 Dan Callaghan <djc@djc.id.au> - 1.57.0-1
 - Update to v1.57.0
 * Tue Apr 05 2022 Kai A. Hiller <V02460@gmail.com> - 1.56.0-1
 - Update to v1.56.0
 * Thu Mar 24 2022 Kai A. Hiller <V02460@gmail.com> - 1.55.0-1
 - Update to v1.55.0
 * Tue Mar 08 2022 Kai A. Hiller <V02460@gmail.com> - 1.54.0-1
 - Update to v1.54.0
 * Tue Feb 22 2022 Kai A. Hiller <V02460@gmail.com> - 1.53.0-1
 - Update to v1.53.0
 * Wed Feb 09 2022 Kai A. Hiller <V02460@gmail.com> - 1.52.0-2
 - Backport: Fix losing incoming EDUs if debug logging enabled
 * Tue Feb 08 2022 Kai A. Hiller <V02460@gmail.com> - 1.52.0-1
 - Update to v1.52.0
 - Create synapse user and group declaratively
 * Thu Jan 27 2022 Kai A. Hiller <V02460@gmail.com> - 1.51.0-1
 - Update to v1.51.0
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.49.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Tue Dec 21 2021 Kai A. Hiller <V02460@gmail.com> - 1.49.2-1
 - Update to v1.49.2
 * Tue Dec 14 2021 Kai A. Hiller <V02460@gmail.com> - 1.49.0-1
 - Update to v1.49.0
 * Tue Nov 30 2021 Kai A. Hiller <V02460@gmail.com> - 1.48.0-1
 - Update to v1.48.0
 * Wed Nov 24 2021 Kai A. Hiller <V02460@gmail.com> - 1.47.1-1
 - Update to v1.47.1
 - Fix CVE-2021-41281
 * Fri Nov 19 2021 Kai A. Hiller <V02460@gmail.com> - 1.47.0-1
 - Update to v1.47.0
 * Thu Nov 04 2021 Kai A. Hiller <V02460@gmail.com> - 1.46.0-1
 - Update to v1.46.0
 * Thu Oct 21 2021 Kai A. Hiller <V02460@gmail.com> - 1.45.1-1
 - Update to v1.45.1
 * Mon Oct 18 2021 Kai A. Hiller <V02460@gmail.com> - 1.44.0-1
 - Update to v1.44.0
 * Thu Sep 09 2021 Kai A. Hiller <V02460@gmail.com> - 1.42.0-1
 - Update to v1.42.0
 * Tue Aug 31 2021 Kai A. Hiller <V02460@gmail.com> - 1.41.1-1
 - Update to v1.41.1
 - Fix CVE-2021-39163, CVE-2021-39164
 * Tue Aug 24 2021 Kai A. Hiller <V02460@gmail.com> - 1.41.0-1
 - Update to v1.41.0
 * Tue Aug 10 2021 Kai A. Hiller <V02460@gmail.com> - 1.40.0-1
 - Update to v1.40.0
 * Thu Jul 29 2021 Kai A. Hiller <V02460@gmail.com> - 1.39.0-1
 - Update to v1.39.0
 * Fri Jul 23 2021 Kai A. Hiller <V02460@gmail.com> - 1.38.1-1
 - Update to v1.38.1
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.38.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Sun Jul 18 2021 Dan Callaghan <djc@djc.id.au> - 1.38.0-2
 - fix startup ordering of synapse.service (RHBZ#1910740)
 - relax version requirement for python3-cryptography
 * Wed Jul 14 2021 Kai A. Hiller <V02460@gmail.com> - 1.38.0-1
 - Update to v1.38.0
 * Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1.26.0-3
 - Rebuilt for Python 3.10
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.26.0-2
 - Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
 * Thu Jan 28 2021 Kai A. Hiller <V02460@gmail.com> - 1.26.0-1
 - Update to v1.26.0
--- a/matrix-synapse.sysusers
+++ b/matrix-synapse.sysusers
@ -1,2 +0,0 @@
 #Type  Name     ID  GECOS                                 Home directory  Shell
 u      synapse  -   "Runs the Synapse Matrix homeserver"  /run/synapse    /sbin/nologin
--- a/1
+++ b/1
@ -0,0 +1 @@
 SHA512 (synapse-1.26.0.tar.gz) = 82ca85aa4dc1e3220f89e7f6815786135fa9bd0b33a1055f63b309b1fa193eeb993f832db573586945191e7195e42926c5342776b249dbc8e83daf4c196f00a4
--- a/synapse.service
+++ b/synapse.service
@ -1,6 +1,5 @@
 [Unit]
 Description=Synapse Matrix homeserver
 After=network-online.target postgresql.service
 [Service]
 Type=notify
@ -8,7 +7,7 @@ NotifyAccess=main
 User=synapse
 Group=synapse
 WorkingDirectory=/var/lib/synapse
-ExecStart=/usr/bin/synapse_homeserver --config-path=/etc/synapse/homeserver.yaml
+ExecStart=/usr/bin/python3 -m synapse.app.homeserver --config-path=/etc/synapse/homeserver.yaml
 ExecReload=/bin/kill -HUP $MAINPID
 # EnvironmentFile=-/etc/sysconfig/synapse  # Can be used to e.g. set SYNAPSE_CACHE_FACTOR
 SyslogIdentifier=synapse
--- a/synapse@.service
+++ b/synapse@.service
@ -1,70 +0,0 @@
 [Unit]
 Description=Synapse Worker %i
 AssertPathExists=/etc/synapse/workers/%i.yaml
 # This service should be restarted when the synapse target is restarted.
 #PartOf=synapse.target
 #ReloadPropagatedFrom=synapse.target
 # if this is started at the same time as the main, let the main process start
 # first, to initialise the database schema.
 After=synapse.service
 [Service]
 Type=notify
 NotifyAccess=main
 User=synapse
 WorkingDirectory=/var/lib/synapse
 ExecStart=/usr/bin/synapse_worker --config-path=/etc/synapse/homeserver.yaml --config-path=/etc/synapse/workers/%i.yaml
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
 RestartSec=3
 SyslogIdentifier=synapse-%i
 Environment="LD_PRELOAD=/usr/lib64/libjemalloc.so.2"
 CPUAccounting=on
 MemoryAccounting=on
 MemoryHigh=500M
 MemoryMax=1G
 MemorySwapMax=1G
 CPUWeight=75
 PrivateTmp=yes
 PrivateDevices=true
 PrivateUsers=true
 CapabilityBoundingSet=
 AmbientCapabilities=
 DevicePolicy=closed
 ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectClock=true
 ProtectKernelLogs=yes
 ProtectHostname=true
 ProtectProc=invisible
 ProcSubset=pid
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictNamespaces=yes
 RestrictRealtime=yes
 RestrictSUIDSGID=yes
 NoNewPrivileges=yes
 LockPersonality=yes
 SystemCallArchitectures=native
 SystemCallFilter=@system-service
 SystemCallFilter=~@privileged @resources @obsolete
 RemoveIPC=true
 [Install]
 WantedBy=multi-user.target
		`@ -1,2 +0,0 @@`
			`#Type Name ID GECOS Home directory Shell`
			`u synapse - "Runs the Synapse Matrix homeserver" /run/synapse /sbin/nologin`
		`@ -0,0 +1 @@`
							`SHA512 (synapse-1.26.0.tar.gz) = 82ca85aa4dc1e3220f89e7f6815786135fa9bd0b33a1055f63b309b1fa193eeb993f832db573586945191e7195e42926c5342776b249dbc8e83daf4c196f00a4`